Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.
https://testzone.secunia.com/advisories/10861
https://exchange.xforce.ibmcloud.com/vulnerabilities/15194